
Resolved
0 votes
Hello,

I configured one scope on the ClearOS DHCP server but the server is not serving DHCP clients. I disabled my local router's DHCP server and my devices can't get an IP address from any DHCP server. Please help me understand what I am doing wrong.

Picture-1
Picture-2

Thanks


Ervin
Friday, August 17 2018, 06:36 AM

Accepted Answer

Saturday, August 18 2018, 07:59 AM - #Permalink
Resolved
1 votes
The netstat command should have been:
netstat -pln | egrep ':(67|68) '
I can pick out what I needed from yours.

The problem appears to be the firewall. It is only open to DHCP when ClearOS is trying to get its connection by DHCP. You will need a custom firewall rule as an incoming rule uses your WAN IP and initial packets are broadcast to 255.255.255.255 and not directed to the WAN interface, so, at the command line try:
iptables -I INPUT -p udp --dport 67 -j ACCEPT
If that works, change the "iptables" to "$IPTABLES" and put it into the custom firewall module.

BTW, you will need to get quite involved with your firewall if you are firewalling ClearOS from your LAN. If you want it to act as your DNS server you'll need to open udp:53 and tcp:53. If you want it as a file server you'll need more for Samba and so on. Normally Standalone with Firewall is meant for a standalone internet facing device.
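Added example, not part of the original posts: a shell helper (the name `dhcp_input_verdict` is hypothetical) that reads an `iptables -nvL` listing and reports what the INPUT chain does with a DHCP client broadcast to UDP port 67, run here on an abridged copy of the listing posted in this thread. It models only the match options that appear in that listing and assumes anything else does not match.

```shell
#!/bin/sh
# Added example (not from the thread): predict what an INPUT chain does with
# a DHCP client broadcast (UDP, 0.0.0.0:68 -> 255.255.255.255:67, state NEW).

# Sample listing, abridged from the `iptables -nvL` output posted in this thread.
SAMPLE_LISTING='Chain INPUT (policy DROP 10098 packets, 1678K bytes)
pkts bytes target prot opt in out source destination
1626 163K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
50 28800 ACCEPT udp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
560 44434 ACCEPT tcp -- * * 0.0.0.0/0 192.168.13.28 tcp dpt:22
456 39928 ACCEPT udp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination'

# dhcp_input_verdict IFACE  (hypothetical helper name; listing on stdin)
# Prints the first terminal target that matches, else the chain policy.
dhcp_input_verdict() {
    awk -v ifc="$1" '
    $1 == "Chain" {
        inp = ($2 == "INPUT")
        if (inp) { policy = $4; sub(/\)/, "", policy) }
        next
    }
    !inp || NF < 9 || $1 == "pkts"               { next }
    $3 !~ /^(ACCEPT|DROP|REJECT)$/               { next }  # LOG, user chains: skipped
    $4 != "udp" && $4 != "all"                   { next }
    $6 != "*" && $6 != ifc                       { next }  # wildcards like tun+ not handled
    $8 != "0.0.0.0/0"                            { next }  # client source is 0.0.0.0
    $9 != "0.0.0.0/0" && $9 != "255.255.255.255" { next }  # unicast-only rules miss the broadcast
    {
        ok = 1
        for (i = 10; i <= NF && ok; i++) {
            if ($i == "udp") continue
            if ($i == "state") { i++; ok = (("," $i ",") ~ /,NEW,/) }
            else if ($i ~ /^[sd]pts?:/) {
                n = split($i, p, ":")
                want = ($i ~ /^s/) ? 68 : 67       # source port 68, destination port 67
                ok = (want >= p[2] + 0 && want <= p[n] + 0)
            }
            else ok = 0   # unknown match option: assume no match
        }
        if (ok) { verdict = $3; exit }
    }
    END { print (verdict != "" ? verdict : policy) }'
}

printf '%s\n' "$SAMPLE_LISTING" | dhcp_input_verdict enp2s0f0
```

On the sample listing the only DHCP rule is `spt:67 dpt:68` (ClearOS acting as a client), so the broadcast falls through to the chain policy.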
Responses (10)
  • Accepted Answer

    Friday, August 17 2018, 08:09 AM - #Permalink
    Resolved
    0 votes
    Is ClearOS in Gateway or Standalone mode?

    If you're disabling DHCP in the router but still using it as your gateway, I'd expect ClearOS to be in Standalone mode. If it is replacing your router as the gateway it should be in Gateway mode.

    Can you make a diagram or describe your set up (with IP addresses as well)?

    Also, what are the contents of /etc/clearos/network.conf and the result of the command
    ifconfig
  • Accepted Answer

    Friday, August 17 2018, 08:36 AM - #Permalink
    Resolved
    0 votes
    Hello Nick,

    Please see the requested information below.

    Network Diagram


    [root@server ~]# cat /etc/clearos/network.conf

    # Network mode
    MODE="standalone"

    # Network interface roles
    EXTIF="enp2s0f0"
    LANIF=""
    DMZIF=""
    HOTIF=""

    # Domain and Internet Hostname
    DEFAULT_DOMAIN="darzu.com"
    INTERNET_HOSTNAME="server.darzu.com"

    # Extra LANS
    EXTRALANS=""

    # ISP Maximum Speeds
    ENP2S0F0_MAX_DOWNSTREAM=100000
    ENP2S0F0_MAX_UPSTREAM=100000



    and the output for ifconfig


    [root@server ~]# ifconfig
    enp2s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.13.28 netmask 255.255.255.0 broadcast 192.168.13.255
    inet6 2a02:2f08:890d:4700:7210:6fff:feca:57c4 prefixlen 64 scopeid 0x0<global>
    inet6 fe80::7210:6fff:feca:57c4 prefixlen 64 scopeid 0x20<link>
    ether 70:10:6f:ca:57:c4 txqueuelen 1000 (Ethernet)
    RX packets 37874 bytes 28613558 (27.2 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 11134 bytes 4918629 (4.6 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    device interrupt 31

    enp2s0f1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    ether 70:10:6f:ca:57:c5 txqueuelen 1000 (Ethernet)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 0 bytes 0 (0.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    device interrupt 32

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 1000 (Local Loopback)
    RX packets 3646 bytes 388164 (379.0 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 3646 bytes 388164 (379.0 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0



    P.S. Do you know why I can't attach pictures on the forum? I tried using the Picture tag from the toolbar, but it is not working with the Dropbox link.

    Thanks

    Ervin
  • Accepted Answer

    Friday, August 17 2018, 09:48 AM - #Permalink
    Resolved
    0 votes
    I can't do pictures either. I just attach files, but then I can't control where they go in the post.

    Your network should work but I would put the DNS servers the other way round. That does not affect DHCP leases.

    I assume you've given ClearOS a Static IP? I'd normally give it a low one or high one but it should work with .28 as long as it is fixed. With your router on .1 I'd normally give it .2 or .254 (and adjust the DHCP scope).

    If your client PC is Windows, it may detect a new network, in which case it needs to be configured and trusted.

    I can't think of any obvious reason why it is not working. You may need to run tcpdump on ports 67 and 68 to sniff what is happening.
  • Accepted Answer

    Friday, August 17 2018, 09:59 AM - #Permalink
    Resolved
    0 votes
    I like the number 28 :) In the past few days I had an issue with the DNS service and I changed 127.0.0.1 to 192.168.13.1 in one of the conf files, and DNS lookup was OK again. I have never used this installation (installed ~2 weeks ago) as a DHCP server yet, but 1 week ago I installed a GUI because I wanted to test a KVM installation. The issue with the DNS started after this; could it be related to this?

    Thanks

    Ervin
  • Accepted Answer

    Friday, August 17 2018, 10:56 AM - #Permalink
    Resolved
    0 votes
    They should not be related. The file you probably edited was /etc/resolv.conf. I suggest you change it back then in the Webconfig, in IP settings set a manual DNS server of 192.168.13.1. If you have to change a file, edit /etc/resolv-peerdns.conf instead but using the Webconfig is preferable.

    The use of a GUI in ClearOS is not recommended. Have you tried using kimchi instead? I've never tried it so it is not a recommendation.

    I still can't think why DHCP is not working unless the GUI came with its own network management utilities (especially NetworkManager) which are interfering with ClearOS.
  • Accepted Answer

    Friday, August 17 2018, 08:38 PM - #Permalink
    Resolved
    0 votes
    I switched off the DHCP server on my router again and ran Wireshark. When I tried to get a new IP I didn't get a response from any DHCP server; the DHCP request from my PC is there, see the attached picture.

    Dhcp request

    Ervin
  • Accepted Answer

    Friday, August 17 2018, 09:06 PM - #Permalink
    Resolved
    0 votes
    I guess this calls for more intense troubleshooting. I know you're running a desktop on ClearOS, but can I suggest some remote access with PuTTY and WinSCP. With PuTTY (a terminal) you can copy text just by selecting it. Then you can paste it straight into the forum.

    Can you check dnsmasq is running with a:
    systemctl status dnsmasq.service
    and that it is running as expected:
    ps aux | grep dnsm
    netstat -pln | egrep ':(67|68) '
    You can paste into PuTTY just by right-clicking.

    [edit]
    Also, what are the contents of /etc/sysconfig/network-scripts/ifcfg-enp2s0f0?
    [/edit]

    [edit2]
    Please also confirm you are in Standalone Without Firewall mode or give the results of:
    iptables -nvL
    But please put the output between code tags.
    [/edit2]
  • Accepted Answer

    Saturday, August 18 2018, 06:29 AM - #Permalink
    Resolved
    0 votes
    Hello Nick,

    the requested outputs


    [root@server ~]# systemctl status dnsmasq.service -l
    ● dnsmasq.service - DNS caching server.
    Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
    Active: active (running) since Thu 2018-08-16 22:57:23 EEST; 1 day 10h ago
    Main PID: 1016 (dnsmasq)
    Tasks: 1
    CGroup: /system.slice/dnsmasq.service
    └─1016 /usr/sbin/dnsmasq -k

    Aug 16 22:57:23 server.darzu.com systemd[1]: Starting DNS caching server....
    Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: started, version 2.76 cachesize 5000
    Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
    Aug 16 22:57:23 server.darzu.com dnsmasq-dhcp[1016]: DHCP, IP range 192.168.13.150 -- 192.168.13.254, lease time 3d
    Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: reading /etc/resolv-peerdns.conf
    Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: using nameserver 192.168.13.1#53
    Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: using nameserver 1.1.1.1#53
    Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: using nameserver 8.8.8.8#53
    Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: read /etc/hosts - 2 addresses
    Aug 16 22:57:23 server.darzu.com dnsmasq-dhcp[1016]: read /etc/ethers - 0 addresses



    the next output


    [root@server ~]# ps aux | grep dnsm
    nobody 1016 0.0 0.0 52704 2388 ? Ss Aug16 0:00 /usr/sbin/dnsmasq -k
    root 29970 0.0 0.0 112708 956 pts/0 S+ 09:22 0:00 grep --color=auto dnsm


    I needed to modify the syntax of netstat because it was giving me an error; I hope I didn't change the scope of the function.



    [root@server ~]# netstat -pln | egrep '(67|68)'
    tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1683/mysqld
    udp 0 0 0.0.0.0:67 0.0.0.0:* 1016/dnsmasq
    unix 2 [ ACC ] STREAM LISTENING 28845 1688/gnome-session- @/tmp/.ICE-unix/1688
    unix 2 [ ACC ] STREAM LISTENING 17676 1/systemd /run/dbus/system_bus_socket
    unix 2 [ ACC ] STREAM LISTENING 17679 1/systemd /var/run/rpcbind.sock
    unix 2 [ ACC ] STREAM LISTENING 19705 767/gssproxy /var/lib/gssproxy/default.sock
    unix 2 [ ACC ] STREAM LISTENING 26320 1167/gdm @/tmp/dbus-wGte83wG
    unix 2 [ ACC ] STREAM LISTENING 17675 1/systemd @ISCSID_UIP_ABSTRACT_NAMESPACE
    unix 2 [ ACC ] STREAM LISTENING 26316 1167/gdm @/tmp/dbus-YhU4jnVO
    unix 2 [ ACC ] STREAM LISTENING 30276 1683/mysqld /var/lib/mysql/mysql.sock
    unix 2 [ ACC ] STREAM LISTENING 26317 1167/gdm @/tmp/dbus-lQ3OxpoE
    unix 2 [ ACC ] STREAM LISTENING 33363 2683/dbus-daemon @/tmp/dbus-VjDmAJqTma
    unix 2 [ ACC ] STREAM LISTENING 26319 1167/gdm @/tmp/dbus-p43KbqFm
    unix 2 [ ACC ] STREAM LISTENING 16851 1/systemd @ISCSIADM_ABSTRACT_NAMESPACE
    unix 2 [ ACC ] STREAM LISTENING 16848 1/systemd /var/run/libvirt/virtlockd-sock
    unix 2 [ ACC ] STREAM LISTENING 16852 1/systemd /var/run/libvirt/virtlogd-sock
    unix 2 [ ACC ] STREAM LISTENING 28846 1688/gnome-session- /tmp/.ICE-unix/1688
    unix 2 [ ACC ] STREAM LISTENING 19706 767/gssproxy /run/gssproxy.sock




    [root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
    DEVICE=enp2s0f0
    TYPE="Ethernet"
    ONBOOT="yes"
    USERCTL="no"
    BOOTPROTO="static"
    IPADDR="192.168.13.28"
    NETMASK="255.255.255.0"
    GATEWAY="192.168.13.1"





    [root@server ~]# iptables -nvL
    Chain INPUT (policy DROP 10098 packets, 1678K bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
    61 3501 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
    0 0 DROP all -- enp2s0f0 * 127.0.0.0/8 0.0.0.0/0
    110 17600 DROP all -- enp2s0f0 * 169.254.0.0/16 0.0.0.0/0
    1626 163K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    1451 42142 ACCEPT icmp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
    2 144 ACCEPT icmp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
    0 0 ACCEPT icmp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
    0 0 ACCEPT icmp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
    50 28800 ACCEPT udp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
    0 0 ACCEPT tcp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
    560 44434 ACCEPT tcp -- * * 0.0.0.0/0 192.168.13.28 tcp dpt:22
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.13.28 tcp dpt:8081
    11761 3822K ACCEPT tcp -- * * 0.0.0.0/0 192.168.13.28 tcp dpt:81
    456 39928 ACCEPT udp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
    155 393K ACCEPT tcp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    1687 166K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
    1466 43018 ACCEPT icmp -- * enp2s0f0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT udp -- * enp2s0f0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
    0 0 ACCEPT tcp -- * enp2s0f0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
    581 162K ACCEPT tcp -- * enp2s0f0 192.168.13.28 0.0.0.0/0 tcp spt:22
    0 0 ACCEPT tcp -- * enp2s0f0 192.168.13.28 0.0.0.0/0 tcp spt:8081
    11120 8783K ACCEPT tcp -- * enp2s0f0 192.168.13.28 0.0.0.0/0 tcp spt:81
    626 53447 ACCEPT all -- * enp2s0f0 0.0.0.0/0 0.0.0.0/0

    Chain DROP-lan (0 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
    [root@server ~]#




    I hope I have done as you requested!

    Thanks

    Ervin
  • Accepted Answer

    Saturday, August 18 2018, 08:43 AM - #Permalink
    Resolved
    0 votes
    Wow Nick, you are a genius :) I switched to standalone without firewall and everything is fine at the moment!
    Thanks for your great support. I am behind the firewall of the router, so I will not struggle with the firewall on the ClearOS server.

    Ervin
  • Accepted Answer

    Saturday, August 18 2018, 10:44 AM - #Permalink
    Resolved
    1 votes
    Glad it is working now.

    The forum is making a mess of my egrep rule. It should start "single quote" then "colon" then "open bracket", but it looks like the "colon" then "open bracket" is being dropped by the forum (a smilie?). This may show better and achieve the same thing:
    netstat -pln | egrep '(:67|:68) '


    [edit]
    Yay! It worked.
    [/edit]